Information Technology Act - Cyber Security in India

1. Internet Security and Legal Compliance: Regulating Cyberspace – Version 2.0 Rodney D. Ryder Rodney D. Ryder Scriboard

3. The need for a national strategy Internet Law and Policy: New Media Regulation and India Rodney D. Ryder Scriboard

13. Data Privacy and the National Cyber Security Program Data Privacy and Indian Law Rodney D. Ryder Scriboard

19. Possible approaches to Data Protection Data Protection Worldwide Rodney D. Ryder Scriboard

21. Industrialised Countries Legislation timeline Rodney D. Ryder Scriboard South Korea eCommerce Act In force January 1999 New Zealand Privacy Act In force 1 July 1993 United States (includes) CPP Act 1984 VPP Act 1988 COPP Act 1998 In force 21 April 2000 HIPA Act In force 14 April 2001 GLB Act In force 1 July 2001 ‘ General’ Act Under consideration Finland Personal DP Act In force 1 June 1999 Denmark Act on Processing f PD In force 1 July 2000 Luxembourg - Netherlands Law on Protection PD ct In force 1 Sep 2001 Greece Protection Processing In force 10 April 1997 Ireland - Eastern Europe Estonia (96) Poland (98) Solovak (98) Slovenia (99) Hungary (99) Czech (00) Latvia (00) Lithuania (00) Portugal Personal DP Act In force 27 October 1998 Spain Data Protection Act In force 13 January 2000 Canada PIP&ED Act Commenced 1 Jan 2001 United Kingdom Data Protection Act In force 1 March 2000 France - Australia Privacy Act In force 21 Dec 2001 Sweden Personal Data Act In force 24 October 1998 Belgium Data Protection Act In force 1 Sep 2001 Norway Personal D Reg Act In force 14 April 2000 Italy Data Protection Act In force 8 May 1997 Austria Data Protection Act In force 1 January 2000 Germany Data Protection Act In force 23 May 2001 Switzerland Data Protection Act In force 1 June 1999 Taiwan Computer Processed DP In force 11 August 1995 Hong Kong Personal Data (Privacy ) In force 20 Dec 1996 Mexico eCommerce Act In force 7 June 2000

22. Possible approaches to Data Protection Data Protection in Europe Rodney D. Ryder Scriboard

24. UK DPA 1998 - The Eight Principles 1. Personal data must be processed fairly and lawfully 2. Personal data must be collected and used only for notified purposes. 3. Personal data must be adequate, relevant and not excessive. 4. Personal data must be accurate and, where necessary, kept up-to-date. 5. Personal data must only be retained for as long as is necessary to carry out the purposes for which it is collected. 6. Personal data must be processed in accordance with the rights of data subjects as set out under the 1998 Act. Rodney D. Ryder Scriboard

25. UK DPA 1998 - The Eight Principles 7. Appropriate technical and organisational measures must be in place to protect against unauthorised access, amendment or loss of personal data. There must be a contractual obligation, in writing, upon any data processor to comply with the relevant legislation and to ensure that such measures have been put in place. 8. Personal information must not be transferred out of the European Economic Area ("EEA") unless the receiving country ensures "an adequate level of protection" for the rights and freedoms of the data subjects vis-à-vis the processing of personal data. Rodney D. Ryder Scriboard

26. Transfers of Personal Data from Europe to India The Eighth Principle Personal information must not be transferred out of the European Economic Area ("EEA") unless the receiving country ensures "an adequate level of protection" for the rights and freedoms of the data subjects vis-à-vis the processing of personal data. Rodney D. Ryder Scriboard

28. Possible models for India Data Protection in the USA Rodney D. Ryder Scriboard

32. Digital Rights Management Digital Rights Management Rodney D. Ryder Scriboard

33. Copyright Law and Practice: a historical timeline Technology and the Law – the stages of copyright law The ‘monastic’ or ‘gurukul’ [oral tradition] The birth of copyright [Gutenberg and the Printing Press] The era of promiscuity: the Internet and Technology [the WIPO Copyright Treaty and the ‘DMCA’] The ‘World’s Biggest Copying Machine’ [PC Week; January 27, 1997] Rodney D. Ryder Scriboard

35. Napster – the file sharing mechanism [A & M Records, Inc. v. Napster, Inc.; 239 F. 3d 1004; 9 th Cir. 2001] Rodney D. Ryder Scriboard

36. Bit Torrent – the tracker device Rodney D. Ryder Scriboard

37. Preventing Piracy [I] – Technical Measures Copy Protection [Encryption – encoding digital content to prevent it from being viewed; Copy Control Flags – digital ‘flags’ inserted as indicators; CD Copy Protection – insertion of an ‘additional’ track to prevent unauthorised recording] Copyright Protection [Digital Watermarking – digital signals embedded to detect or verify originality; Digital fingerprinting – digital signal embedded in the file containing information on the buyer] Cross-industry protection measures [Secure Digital Music Initiative [SDMI] – developed by a consortium of music companies; uses watermarking and copy protection] Rodney D. Ryder Scriboard

40. Electronic Mark Rodney D. Ryder Scriboard

41. Electronic Mark: an illustration Rodney D. Ryder Scriboard

42. Digital Rights Management Software Rodney D. Ryder Scriboard

43. Digital Rights Management Software Rodney D. Ryder Scriboard

44. Digital Rights Management: the law and technology partnership Rodney D. Ryder Scriboard

45. Any questions? Rodney D. Ryder Scriboard

46. Internet Security and Legal Compliance Regulating Cyberspace – Version 2.0 Rodney D. Ryder [email_address] Technology, Media and Communications